
Conversation

@michelp
Owner

@michelp michelp commented Oct 4, 2025

No description provided.

michelp and others added 6 commits October 3, 2025 18:53
This commit addresses critical and minor issues found during a security
audit of the C function wrappers that interface with libsodium:

1. CRITICAL: Fix incorrect key size constant in auth.c
   - Changed crypto_secretbox_KEYBYTES to crypto_auth_KEYBYTES in
     pgsodium_crypto_auth_verify_by_id() function (line 112)
   - While both constants are 32 bytes, using the wrong constant is
     semantically incorrect and could break if constants change

2. CRITICAL: Fix buffer size calculation in aead.c
   - Fixed double ABYTES addition in pgsodium_crypto_aead_ietf_encrypt_by_id()
   - Changed VARSIZE_ANY() to VARSIZE_ANY_EXHDR() for correct size (line 168)
   - Removed redundant SET_VARSIZE that added ABYTES twice (line 177-178)
   - This prevents potential buffer overruns

3. Fix VARSIZE inconsistency in box.c
   - Changed VARSIZE() to VARSIZE_ANY() in pgsodium_crypto_box_seal_open()
     (line 306)
   - Ensures correct handling of short-header varlena types

4. Use size_t consistently for size variables
   - Changed int to size_t in noncegen functions in aead.c and secretbox.c
   - Improves type safety and prevents potential overflow issues

All changes maintain backward compatibility while improving security
and correctness of the cryptographic operations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

The decrypt function needs to receive the full ciphertext length including
the ABYTES authentication tag, not the plaintext length. This fixes the
test failure in test/aead.sql line 68.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
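
The length bookkeeping described in the two aead.c commits above (size the output datum once as header + payload + ABYTES, and hand decrypt the ciphertext length rather than the plaintext length), as an added example that is not pgsodium's code. It re-implements PostgreSQL's little-endian 4-byte and 1-byte varlena headers so it builds without postgres.h, and stands in for libsodium with an XOR-plus-checksum "AEAD" that is not a cipher and exists only so the lengths round-trip; the function names, the demo key and the sample strings are all assumptions of mine. It also covers the box.c point that VARSIZE_ANY, unlike the 4-byte-only VARSIZE, reads a short-header datum correctly.

```c
/* Added example (mine, not pgsodium's code): the varlena length bookkeeping behind the
 * aead.c/box.c fixes, modelled without postgres.h or libsodium. Assumptions: PostgreSQL's
 * little-endian 4-byte and 1-byte varlena headers only (no TOAST pointers); a stand-in
 * "AEAD" (XOR keystream + 16-byte checksum tag) that is NOT a cipher. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VARHDRSZ 4
#define ABYTES   16   /* stands in for crypto_aead_chacha20poly1305_ietf_ABYTES */

/* 4-byte header: total length (header included) in the upper 30 bits. Models VARSIZE/SET_VARSIZE. */
static uint32_t varsize_4b(const void *p) { uint32_t h; memcpy(&h, p, 4); return (h >> 2) & 0x3FFFFFFF; }
static void set_varsize(void *p, uint32_t total) { uint32_t h = total << 2; memcpy(p, &h, 4); }
/* 1-byte "short" header: low bit set, total length in bits 1..7. VARSIZE_ANY handles both forms. */
static bool varatt_is_1b(const void *p) { return (((const uint8_t *)p)[0] & 0x01) == 0x01; }
static size_t hdrsz_any(const void *p) { return varatt_is_1b(p) ? 1 : VARHDRSZ; }
static uint32_t varsize_any(const void *p) {
    return varatt_is_1b(p) ? (((const uint8_t *)p)[0] >> 1) & 0x7F : varsize_4b(p);
}
static size_t varsize_any_exhdr(const void *p) { return varsize_any(p) - hdrsz_any(p); }
static const uint8_t *vardata_any(const void *p) { return (const uint8_t *)p + hdrsz_any(p); }

/* Build a datum from a C string, with a short header if asked (total must fit in 7 bits). */
uint8_t *make_varlena(const char *s, bool short_header) {
    size_t n = strlen(s), hdr = short_header ? 1 : VARHDRSZ;
    if (short_header && hdr + n > 0x7F) return NULL;
    uint8_t *d = malloc(hdr + n);
    if (!d) return NULL;
    if (short_header) d[0] = (uint8_t)(((hdr + n) << 1) | 0x01); else set_varsize(d, (uint32_t)(hdr + n));
    memcpy(d + hdr, s, n);
    return d;
}

/* Stand-in tag: a keyed checksum over the ciphertext bytes. Bookkeeping only, not authentication. */
static void toy_tag(uint8_t tag[ABYTES], const uint8_t *c, size_t mlen, const uint8_t key[32]) {
    for (size_t t = 0; t < ABYTES; t++) {
        uint8_t acc = (uint8_t)(key[t] + t);
        for (size_t i = 0; i < mlen; i++) acc = (uint8_t)(acc * 31u + c[i]);
        tag[t] = acc;
    }
}

/* Encrypt into a new 4-byte-header datum. The size is header + payload + ABYTES, computed
 * once from the EXHDR length (the aead.c fix); SET_VARSIZE records that same value. */
uint8_t *encrypt_datum(const void *msg, const uint8_t key[32]) {
    size_t mlen = varsize_any_exhdr(msg), total = VARHDRSZ + mlen + ABYTES;
    uint8_t *ct = malloc(total);
    if (!ct) return NULL;
    set_varsize(ct, (uint32_t)total);
    const uint8_t *m = vardata_any(msg);
    for (size_t i = 0; i < mlen; i++) ct[VARHDRSZ + i] = m[i] ^ key[i % 32];
    toy_tag(ct + VARHDRSZ + mlen, ct + VARHDRSZ, mlen, key);
    return ct;
}

/* Decrypt with an explicit ciphertext length. clen must be payload + tag (what VARSIZE_ANY_EXHDR
 * of the ciphertext datum returns), never the plaintext length. Returns NULL on any error. */
uint8_t *decrypt_with_len(const void *ct, size_t clen, const uint8_t key[32]) {
    if (clen < ABYTES || clen > varsize_any_exhdr(ct)) return NULL;  /* never read past the datum */
    size_t mlen = clen - ABYTES;
    const uint8_t *c = vardata_any(ct);
    uint8_t tag[ABYTES];
    toy_tag(tag, c, mlen, key);
    if (memcmp(tag, c + mlen, ABYTES) != 0) return NULL;  /* real code: libsodium verifies in constant time */
    uint8_t *pt = malloc(VARHDRSZ + mlen);
    if (!pt) return NULL;
    set_varsize(pt, (uint32_t)(VARHDRSZ + mlen));
    for (size_t i = 0; i < mlen; i++) pt[VARHDRSZ + i] = c[i] ^ key[i % 32];
    return pt;
}
uint8_t *decrypt_datum(const void *ct, const uint8_t key[32]) { return decrypt_with_len(ct, varsize_any_exhdr(ct), key); }

static void demo_key(uint8_t key[32]) { for (int i = 0; i < 32; i++) key[i] = (uint8_t)(i * 7 + 3); }

/* 1 if encrypt/decrypt round-trips s and the ciphertext datum is exactly header + len + ABYTES. */
int roundtrip_ok(const char *s, bool short_header) {
    uint8_t key[32]; demo_key(key);
    uint8_t *msg = make_varlena(s, short_header);
    uint8_t *ct = msg ? encrypt_datum(msg, key) : NULL;
    uint8_t *pt = ct ? decrypt_datum(ct, key) : NULL;
    int ok = pt && varsize_4b(ct) == VARHDRSZ + strlen(s) + ABYTES
                && varsize_4b(pt) == VARHDRSZ + strlen(s) && memcmp(pt + VARHDRSZ, s, strlen(s)) == 0;
    free(msg); free(ct); free(pt);
    return ok;
}
/* 1 if passing the plaintext length (the bug the second commit fixed) is rejected. */
int plaintext_len_rejected(const char *s) {
    uint8_t key[32]; demo_key(key);
    uint8_t *msg = make_varlena(s, false);
    uint8_t *ct = msg ? encrypt_datum(msg, key) : NULL;
    uint8_t *pt = ct ? decrypt_with_len(ct, strlen(s), key) : NULL;
    int rejected = ct != NULL && pt == NULL;
    free(msg); free(ct); free(pt);
    return rejected;
}
/* 1 if a short-header datum is read correctly by VARSIZE_ANY but misread by 4-byte-only VARSIZE (box.c fix). */
int short_header_demo(void) {
    uint8_t buf[8] = { (3 << 1) | 0x01, 'h', 'i', 0, 0, 0, 0, 0 };  /* 1-byte header, total length 3 */
    return varsize_any(buf) == 3 && varsize_any_exhdr(buf) == 2 && varsize_4b(buf) != 3;
}

int main(void) {
    printf("roundtrip 4B:%d 1B:%d wrong-len rejected:%d short-header:%d\n",
           roundtrip_ok("attack at dawn", false), roundtrip_ok("hi", true),
           plaintext_len_rejected("attack at dawn"), short_header_demo());
    return 0;
}
```

Compile with any C99 compiler and run. The three invariants are the ones the commits restore in the real extension: allocate and SET_VARSIZE the same header + payload + ABYTES value, read the input length with the _ANY_EXHDR form so short headers are handled, and pass decrypt the tagged length. With libsodium in place of the stand-in, the tag check happens inside the AEAD decrypt call (or via sodium_memcmp), never through memcmp.
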
PostgreSQL 17 and 18 automatically create array types for composite types
and register them as extension dependencies. This adds a version-conditional
check to include these array types in the expected schema only for PG 17+.

This ensures the test passes on all supported versions (14, 15, 16, 17, 18).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

- Changed from git clone of PostgreSQL repository to downloading release
  tarballs from ftp.postgresql.org
- This significantly speeds up Docker image build times
- Updated test.sh version string handling to match tarball naming

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Dockerfile optimizations:
- Implement multi-stage build with Debian Bookworm slim base images
- Separate build dependencies from runtime dependencies
- Reduce final image size from ~2GB to ~268MB (87% reduction)
- Fix locale generation for proper PostgreSQL initialization
- Copy pg_prove test tool to runtime stage

PostgreSQL 18.0 compatibility:
- Fix test failure due to NOT NULL constraints becoming named constraints
- Add conditional checks for key_created_not_null and key_id_not_null
- Constraints now properly ordered by type (c, f, n, p, u) then name

All tests passing on PostgreSQL 14, 15, 16, 17, and 18

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

@michelp michelp merged commit 194a866 into main Oct 6, 2025
1 check passed
